Tests now enforce that a CVE JSON 5.0 record is stored in data/cve/v5 for each YAML report that sets cve_metadata.
The now-required files for all existing reports are added.
Fixes golang/go#56302
Change-Id: I0731792cd80e672d5be7e753370d6f97e450562d
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/444576
Reviewed-by: Maceo Thompson <maceothompson@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Maceo Thompson <maceothompson@google.com>
Reviewed-by: Tatiana Bradley <tatiana@golang.org>
The test is currently skipped because it fails on TryBots.
We plan to add it as a step in the deployment process to make sure that
no reports are ever deleted.
For golang/go#56139
Change-Id: If481a607174efceb73d22d6438d0465f035d40c0
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/440635
Reviewed-by: Julie Qiu <julieqiu@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Auto-Submit: Julie Qiu <julieqiu@google.com>
Reviewed-by: Tatiana Bradley <tatiana@golang.org>
Run-TryBot: Julie Qiu <julieqiu@google.com>
Lint already checks for misuse of the 'excluded' field, so we don't
need to re-check it. Also renames some variables to increase clarity.
Change-Id: Ia801c9b1a7afcd34c966f0ad47a3a083f2db6b4b
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/434615
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Tatiana Bradley <tatiana@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
Put the database (active and excluded reports) under a common
directory prefix. This simplifies applying separate licenses to
the code and the database.
Change-Id: Icb2a987b96dca18a8fb064dfd9c6d67d6620e2e3
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/423394
Reviewed-by: Julie Qiu <julieqiu@google.com>
Add support for recording the reason no report exists for a CVE or GHSA.
Excluded reports are placed in the excluded/ directory, and follow the
same format as normal reports except:
- Excluded reports have an "excluded" field indicating why the
report has been excluded.
- Excluded reports must have at least one associated CVE or GHSA.
- Excluded reports need have no other fields set.
Change-Id: I4b346567bd2b0ac08c78a9bc5ae26f721a8c3147
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/422638
Reviewed-by: Julie Qiu <julieqiu@google.com>
The report.CVE field is removed and all references are replaced with
report.CVEs.
Change-Id: Id9ecab099844ab6178a2eb82412eea3233ab9511
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/375395
Trust: Julie Qiu <julie@golang.org>
Run-TryBot: Julie Qiu <julie@golang.org>
Reviewed-by: Jonathan Amsterdam <jba@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Vulndb-Deploy: Julie Qiu <julieqiu@google.com>
all.bash is replaced with the checks.bash setup from x/vuln, so that
tests run on TryBots.
Change-Id: I49f2265343e9e962b8587eb9a733a52651466737
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/373156
Trust: Julie Qiu <julie@golang.org>
Run-TryBot: Julie Qiu <julie@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Jonathan Amsterdam <jba@google.com>